
238. Re: Diablo III Hacking? May 23, 2012, 10:17 Verno
 
My coworker (btw, I am a Systems Security Engineer for the govt (CISSP), and have been doing security for decades) started up Wireshark, and then D3.. he was telling me how easy it was to hijack his session..the session ID floating around out there.. and then we got into the 2 step process it took to reverse engineer his authenticator.

Yeah, a friend of mine mentioned their use of unencrypted session IDs on the forums and they won't comment. Battle.net went down for maintenance later on as well which is amusing timing. I'd also note this same problem happened with Rift at launch but at least the devs owned up to it and fixed things quickly. This will likely just be handwaved away under the predictable guise of "ppl r stupid with computars!" which may be true but doesn't really answer every single case of this.

The other thing is that Battle.net accounts are very lucrative to hack. They are worth $25-50 a pop on the "black market", pose no risk of prosecution and are highly in demand. The idea that Blizzard is some unhackable entity just by virtue of being a profitable corporation is laughable. Quite often it's those same institutions which view IT/IS as money black holes and don't invest enough in them.
 
Playing: Gauntlet, Dark Souls 2, Wasteland 2
Watching: Intruders, 24 Live Another Day, The Signal
 